Difference between revisions of "User:Shawndouglas/sandbox/sublevel1"

From LIMSWiki
Jump to navigationJump to search
(Replaced content with "So far in this guide, the assumption has been made that your organization—whether a laboratory or some other business type—will either have the knowledgeable and exper...")
Tag: Replaced
Line 1: Line 1:
 
So far in this guide, the assumption has been made that your organization—whether a laboratory or some other business type—will either have the knowledgeable and experienced onsite personnel to assist with a cloud implementation or will acquire such people as new hires or contracted consultants. But as the age of [[cloud computing]] has progressed ever onward and more businesses have moved to the cloud, a third option has emerged: have someone else, like an MSSP, manage most of the implementation and security details for you.
 
[[File:Devuan GNU-Linux - tty login as root in an ownCloud instance - server rack.jpg|right|350px]]In Chapter 1, we compared and contrasted hybrid cloud, multicloud, and distributed cloud deployments. Remember that hybrid cloud integrates a private cloud or local IT infrastructure with a public cloud, multicloud multiplies public cloud into services from two or more vendors, and distributed cloud takes a public cloud and expands it to multiple edge locations. Hybrid and distributed deployments typically involve one public cloud vendor, and multicloud involves more than one public cloud vendor. But why would any laboratory want to spread its operations across two or more CSPs?
 
"Multicloud has the benefit of reducing vendor lock-in by implementing resource utilization and storage across more than one public cloud provider," we said in Chapter 1. The benefits of choosing a multicloud option over other options are a bit contentious however. Writing for the Carnegie Endowment in 2020, Maurer and Hinck address the issues of multicloud in detail<ref name="MaurerCloud20">{{cite web |url=https://carnegieendowment.org/2020/08/31/cloud-security-primer-for-policymakers-pub-82597 |title=Cloud Security: A Primer for Policymakers |author=Maurer, T.; Hinck, G. |publisher=Carnegie Endowment for International Peace |date=31 August 2020 |accessdate=21 August 2021}}</ref>:
 
<blockquote>Proponents argue that this approach has benefits such as avoiding vendor lock-in, increasing resilience to outages, and taking advantage of competitive pricing. However, each of these points is contested; for instance, some might argue that ensuring a CSP’s infrastructure architecture is secure is a much better way to enhance resilience than replicating workloads across multiple CSPs ... However, using multiple cloud providers can create greater complexity for organizations in terms of managing their cloud usage and creating more potential points of vulnerability, as the Cloud Security Alliance discussed in a May 2019 report.</blockquote>
 
However, that very same complexity, found with most any cloud technology, brings with it risks related to vendor lock-in, seemingly forming a vicious circle. Carnegie Endowment's Levite and Kalwany noted in November 2020<ref name="LeviteCloud20">{{cite web |url=https://carnegieendowment.org/2020/11/09/cloud-governance-challenges-survey-of-policy-and-regulatory-issues-pub-83124 |title=Cloud Governance Challenges: A Survey of Policy and Regulatory Issues |author=Levite, A.; Kalwani, G. |publisher=Carnegie Endowment for International Peace |date=09 November 2020 |accessdate=21 August 2021}}</ref>:
 
<blockquote>... the complex technology behind cloud services exacerbates risks of vendor lock-in. There are two main factors to consider here: the level of interoperability (how easy it is to make different cloud services work together as well as work with on-site consumer IT systems), and portability (how easy it is to switch data and applications from one cloud service to another, as well as from on-site systems to the cloud and back). Standards enabling both interoperability and portability of cloud services are likely to emerge as [among other things] a means of avoiding vendor lock-in.</blockquote>
 
To be sure, interoperability and portability are important concepts, not only in cloud computing<ref name="LeviteCloud20" /><ref name="RamalingamAddress21">{{cite journal |title=Addressing Semantics Standards for Cloud Portability and Interoperability in Multi Cloud Environment |journal=Symmetry |author=Ramalingam, C.; Mohan, P. |volume=13 |at=317 |year=2021 |doi=10.3390/sym13020317}}</ref> but also in laboratory [[Information management|data management]], particularly with clinical data.<ref name="ASPEShield">{{cite web |url=https://aspe.hhs.gov/shield-standardization-lab-data-enhance-patient-centered-outcomes-research-and-value-based-care |title=SHIELD - Standardization of Lab Data to Enhance Patient-Centered Outcomes Research and Value-Based Care |author=Office of the Assistant Secretary for Planning and Evaluation |publisher=U.S. Department of Health & Human Services |accessdate=21 August 2021}}</ref><ref name="FutrellCOVID21">{{cite web |url=https://www.mlo-online.com/information-technology/lis/article/21210723/covid19-highlights-need-for-laboratory-data-sharing-and-interoperability |title=COVID-19 highlights need for laboratory data sharing and interoperability |author=Futrell, K. |work=Medical Laboratory Observer |date=22 February 2021 |accessdate=21 August 2021}}</ref> The U.S.' current SHIELD initiative speaks to that, aiming "to improve the quality, interoperability and portability of laboratory data within and between institutions so that diagnostic information can be pulled from different sources or shared between institutions to help illuminate clinical management and understand health outcomes."<ref name="ASPEShield" /> You see this same emphasis taking place in regards to cloud systems and biomedical research data sharing and the associated benefits of having interoperable, portable data using cloud systems.<ref name="OnsongoImplem14">{{cite journal |title=Implementation of Cloud based Next Generation Sequencing data analysis in a clinical laboratory |journal=BMC Research Notes |author=Onsong, G.; Erdmann, J.; Spears, M.D. et al. |volume=7 |at=314 |year=2014 |doi=10.1186/1756-0500-7-314 |pmid=24885806 |pmc=PMC4036707}}</ref><ref name="AfganGenomics15">{{cite journal |title=Genomics Virtual Laboratory: A Practical Bioinformatics Workbench for the Cloud |journal=PLoS One |author=Afgan, E.; Sloggett, C.; Goonasekera, N. et al. |volume=10 |issue=10 |at=e0140829 |year=2015 |doi=10.1371/journal.pone.0140829 |pmid=26501966 |pmc=PMC4621043}}</ref><ref name="NavaleCloud18">{{cite journal |title=Cloud computing applications for biomedical science: A perspective |journal=PLoS Computational Biology |author=Navale, V.; Bourne, P.E. |volume=14 |issue=6 |at=e1006144 |year=2018 |doi=10.1371/journal.pcbi.1006144 |pmid=29902176 |pmc=PMC6002019}}</ref><ref name="OgleNamed21">{{cite journal |title=Named data networking for genomics data management and integrated workflows |journal=Frontiers in Big Data |author=Ogle, C.; Reddick, D.; McKnight, C.; Biggs, T.; Pauly, R.; Ficklin, S.P.; Feltus, F.A.; Shannigrahi, S. |volume=4 |at=582468 |year=2021 |doi=10.3389/fdata.2021.582468 |pmid=33748749 |pmc=PMC7968724}}</ref>
 
As Levite and Kalwany point out, interoperability and portability is also useful in the discussion on whether or not to use two or more CSPs. Let's again highlight their questions<ref name="LeviteCloud20" /> (which will also be important to the next chapter on choosing and implementing your cloud solutions):
 
* How interoperable or compatible is one public CSP's services with another public CSP's services, as well as with your on-premises IT systems? 
* How portable or transferable are your data and applications when needing to move them from one cloud service to another, as well as to and from your on-premises solutions?
 
These two questions, along with the vendor lock-in conundrum, are illustrated well in the ongoing saga of the Pentagon's JEDI project. The Joint Enterprise Defense Infrastructure (JEDI) project was officially kicked into gear in 2018 with a request for proposal (RFP), seeking to find a singular cloud computing provider to help usher in a new cloud-based era for Defense Department operations. The adamancy towards choosing only one CSP, despite the sheer enormity of the contract, quickly raised the eyebrows or watchdogs and major industry players even before the RFP was released. Claims of one provider having too much influence over government IT, as well an already skewed bidding process in favor of Amazon, complicated matters further.<ref name="GreggPent18">{{cite web |url=https://www.washingtonpost.com/business/capitalbusiness/pentagon-doubles-down-on-single-cloud-strategy-for-10-billion-contract/2018/08/05/352cfee8-972b-11e8-810c-5fa705927d54_story.html |archiveurl=https://web.archive.org/web/20180807051800if_/https://www.washingtonpost.com/business/capitalbusiness/pentagon-doubles-down-on-single-cloud-strategy-for-10-billion-contract/2018/08/05/352cfee8-972b-11e8-810c-5fa705927d54_story.html?utm_term=.130ed427f134 |title=Pentagon doubles down on ‘single-cloud’ strategy for $10 billion contract |author=Gregg, A. |work=The Washington Post |date=05 August 2018 |archivedate=07 August 2018 |accessdate=21 August 2021}}</ref> Defending the stance of choosing only one CSP, the Digital Defense Service's deputy director Tim Van Name cited an "overall complexity" increase that would come from awarding the RFP to multiple CSPs, given the challenges already inherent to Defense Department data management in and out of the battlefield. Van Name also cited a "lack of standardization and interoperability" of complex cloud deployments as another barrier to accessing data when and where they need it.<ref name="MitchellDoD18">{{cite web |url=https://www.fedscoop.com/dod-pentagon-jedi-cloud-contract-single-award/ |title=DOD defends its decision to move to commercial cloud with a single award |author=Mitchell, B. |work=FedScoop |date=08 March 2018 |accessdate=21 August 2021}}</ref> This has inevitably led to a number of lawsuits before and after Microsoft was awarded the contract, which has dragged on into the first quarter of 2021. With legal battles raging and an overarching "urgent, unmet requirement" by the Defense Department still not being realized because of the litigation, the government is rumored to be considering taking a loss on the single-vendor JEDI plan and moving forward with a multicloud plan, particularly with the departure of senior officials who originally backed the single cloud proposal.<ref name="GreggWithA21">{{cite web |url=https://www.washingtonpost.com/business/2021/02/10/jedi-contract-pentagon-biden/ |archiveurl=https://web.archive.org/web/20210211065108if_/https://www.washingtonpost.com/business/2021/02/10/jedi-contract-pentagon-biden/ |title=With a $10 billion cloud-computing deal snarled in court, the Pentagon may move forward without it |author=Gregg, A. |work=The Washington Post |date=10 February 2021 |archivedate=11 February 2021 |accessdate=21 August 2021}}</ref><ref name="AlspachMicro21">{{cite web |url=https://www.crn.com/news/cloud/microsoft-could-lose-jedi-contract-if-aws-case-isn-t-dismissed-report |title=Microsoft Could Lose JEDI Contract If AWS Case Isn’t Dismissed: Report |author=Alspach, K. |work=CRN |date=05 March 2021 |accessdate=21 August 2021}}</ref><ref name="NixMicro21">{{cite web |url=https://www.seattletimes.com/business/microsofts-10-billion-pentagon-deal-at-risk-amid-amazon-fight/ |title=Microsoft’s $10 billion Pentagon deal at risk amid Amazon fight |author=Nix, N. |work=The Seattle Times |date=07 March 2021 |accessdate=21 August 2021}}</ref> The success of the CIA's C2E cloud-based program, which was awarded to five cloud providers, may prove to be a further catalyst.<ref name="GreggPent18" />
 
What does all this mean for the average laboratory? At a minimum, there may be some benefit to having, for example, redundant data backup in the cloud, particularly if your lab feels that sensitive data can be safely moved to the cloud, and that there's overall cost savings long-term (vs. investing in local data storage). But that "either-or" view doesn't entirely address potential risks associated with vendor lock-in and the need for data availability and durability. As such, having data stored in multiple locations makes sense, even if that means moving data to two different cloud providers. With a bit of analysis of data access patterns and a solid understanding of your data types and sensitivities, it may be possible to make this sort of multicloud data storage more cost-effective.<ref name="WaibelCost17">{{cite journal |title=Cost-optimized redundant data storage in the cloud |journal=Service Oriented Computing and Applications |author=Waibel, P.; Matt, J.; Hochreiner, C. et al. |volume=11 |pages=411–26 |year=2017 |doi=10.1007/s11761-017-0218-9}}</ref> However, remember that the traceability of your data is also important, and if quality data goes into the cloud service, then it will be easier to find, in theory. As is, it's already a challenge for many laboratories to locate original data—particularly older data—and some labs still don't have clear data storage policies.<ref name="AndersonIts10_17">{{cite journal |title=It's 10 pm; Do You Know Where Your Data Are? Data Provenance, Curation, and Storage |journal=Circulation Research |author=Anderson, M.E.; Ray, S.C. |volume=120 |issue=10 |pages=1551-1554 |year=2017 |doi=10.1161/CIRCRESAHA.116.310424 |pmid=28495991 |pmc=PMC5465863}}</ref> As such, any transition to the cloud should also be considering the value of reinforcing existing data management strategies or, forbid they don't exist, getting started on developing such strategies. In conjunction with reviewing or creating data management strategies, [[data cleansing]] may be required to make the data more meaningful, findable, and actionable.<ref name="AtlassianClean21">{{cite web |url=https://support.atlassian.com/migration/docs/clean-up-your-server-instance-before-migration/ |title=Clean up your server instance before migration |work=Atlassian Support |publisher=Atlassian |date=17 March 2021 |accessdate=21 August 2021}}</ref><ref name="SADASaysNine19">{{cite web |url=https://sada.com/insights/blog/9-steps-for-migrating-databases-to-the-cloud/ |title=9 STEPS FOR MIGRATING DATABASES TO THE CLOUD |author=SADA Says |publisher=SADA, Inc |date=22 August 2019 |accessdate=21 August 2021}}</ref> This concept holds true even if a multicloud deployment doesn't make sense for you but a hybrid cloud deployment with local backups does. This hybrid approach may especially make sense if the lab uses a [[scientific data management system]] (SDMS). As Agilent notes, if you already have an on-premises SDMS, "extending the data storage capacity by connecting to a cloud storage location is a logical first step. This hybrid approach can use cloud storage in both a passive/active capacity while also taking advantage of turnkey archival solutions that the cloud offers."<ref name="AgilentCloud19">{{cite web |url=https://www.agilent.com/cs/library/whitepaper/public/whitepaper-cloud-adoption-openlab-5994-0718en-us-agilent.pdf |format=PDF |title=Cloud Adoption for Lab Informatics: Trends, Opportunities, Considerations, Next Steps |author=Agilent Technologies |publisher=Agilent Technologies |date=21 February 2019 |accessdate=21 August 2021}}</ref>
 
But what about the concept of vendor lock-in overall? How much should a laboratory worry about this scenario, particularly in regards to, for example, moving from an on-premises LIMS to one hosted in the cloud? Some like tech reporter Kimberley Mok, writing for ''Protocol'', argue that as major CSPs begin to make multicloud-friendly upgrades to their infrastructure, and as users perform more rigorous vetting of CSPs and migrate to more portable, containerized software solutions, the threat of vendor lock-in is gradually diminishing.<ref name="MokShould20">{{cite web |url=https://www.protocol.com/manuals/new-enterprise/vendor-lockin-cloud-saas |title=Should we really be worried about vendor lock-in in 2020? |author=Mok, K. |work=Protocol |date=01 December 2020 |accessdate=21 August 2021}}</ref> However, business owners remain fearful. A summer 2020 survey published by business communications company Mitel found that among more than 1,100 European IT decision makers, a top contractual priority with a CSP was avoiding vendor lock-in; "46% of respondents [said they] want the ability to change provider quickly if the service contract is not fulfilled."<ref name="MitelCloud20">{{cite web |url=https://www.mitel.com/en-gb/about/newsroom/press-releases/european-companies-show-newfound-maturity |title=Cloud Communications: European Companies Show Newfound Maturity |publisher=Mitel |date=20 July 2020 |accessdate=21 August 2021}}</ref>
 
In the end, the laboratory will have to come down to a crucial decision: do we outsource services to several specialists (i.e., disaggregation) or stick to one, risking vendor lock-in? U.K. business software developer Advanced's chief product officer Amanda Grant provides this insight<ref name="IsmailHowTo20">{{cite web |url=https://www.information-age.com/how-to-avoid-cloud-vendor-lock-in-advantage-multi-cloud-123490572/ |title=How to avoid cloud vendor lock-in and take advantage of multi-vendor sourcing options |author=Ismail, N. |work=InformationAge |date=04 August 2020 |accessdate=21 August 2021}}</ref>:
 
<blockquote>For larger enterprises, disaggregation works best. The vast operations they undertake require a level of scalability and expertise that is best delivered by specialist companies. These specialists can target specific and more complex needs as well as support mission-critical operations directly.
 
[For mid-sized organizations,] disaggregation demands a lot of internal investment. They would need in-house expertise to manage multiple suppliers and successfully integrate the services. The alternative would be to use an open ecosystem that brings all their cloud software solutions together in one place. This enables users to consume all of their cloud applications with ease while minimizing risk of vendor lock-in.</blockquote>
 
It's possible that as cloud computing continues to evolve, interoperability and portability of data, as well as tools for better data traceability, will continue to be a priority for the industry overall, potentially through continued standardization efforts.<ref name="RamalingamAddress21" /> As a result, perhaps the discussions of vendor lock-in will be less commonplace, with multicloud deployments becoming common discussion. The adoption of open-source technologies as part of an organization's cloud migration may also help with interoperability with other cloud platforms in the future.<ref name="NangareAnOver19">{{cite web |url=https://devops.com/an-overview-of-cloud-migration-and-open-source/ |title=An Overview of Cloud Migration and Open Source |author=Nangare, S. |work=DevOps.com |date=13 December 2019 |accessdate=21 August 2021}}</ref> In the meantime, laboratory decision makers will have to weigh the sensitivity of their data, that data's cloud-readiness, the laboratory budget, the potential risks, and the potential rewards of moving its operations to more complex but productive hybrid cloud and multicloud environments. The final decisions will differ, sometimes drastically, from lab to lab, but the risk management processes and considerations from Chapter 3 should be the same: same starting point but different destinations.
 
That leads us to the next chapter of our guide on the managed security service provider (MSSP), an entity that provides monitoring and management of security devices and systems in the cloud, among other things. These providers make make it considerably easier, and more secure, for a laboratory to implement cloud computing in their organization.
 
==References==
{{Reflist|colwidth=30em}}
 
 
==Citation information for this chapter==
'''Chapter''': 4. Cloud computing in the laboratory
 
'''Title''': ''Choosing and Implementing a Cloud-based Service for Your Laboratory''
 
'''Edition''': First edition
 
'''Author for citation''': Shawn E. Douglas
 
'''License for content''': [https://creativecommons.org/licenses/by-sa/4.0/ Creative Commons Attribution-ShareAlike 4.0 International]
 
'''Publication date''': August 2021

Revision as of 23:35, 3 February 2022

So far in this guide, the assumption has been made that your organization—whether a laboratory or some other business type—will either have the knowledgeable and experienced onsite personnel to assist with a cloud implementation or will acquire such people as new hires or contracted consultants. But as the age of cloud computing has progressed ever onward and more businesses have moved to the cloud, a third option has emerged: have someone else, like an MSSP, manage most of the implementation and security details for you.